103 matches found

CVE
added 2026/05/22 3:23 p.m., 12 views

CVE-2026-9247

CVE-2026-9247: Insufficient logging in Devolutions Server’s entry export feature allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification. Affected: Devolutions Server 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and earlier. Root cause: l...

CVSS 2.4, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/05/19 9:28 a.m., 5 views

CVE-2026-31388 Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature

Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

AI score 5.8, EPSS 0.00167
Exploits: 0, References: 1

CVE
added 2026/05/19 9:28 a.m., 7 views

CVE-2026-31388

CVE-2026-31388 affects Apache OFBiz in multi-tenant deployments and is due to Improper Access Control, enabling cross-tenant data exposure via the Program Export feature. Affected versions are before 24.09.06. The advisory recommends upgrading to OFBiz 24.09.06 or later to fix the issue. No explo...

CVSS 5.3, AI score 5.8, EPSS 0.00167
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2026/04/08 5:21 p.m., 2 views

CVE-2026-2377

A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted URL. This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF)...

CVSS 6.5, EPSS 0.00012
Exploits: 0, References: 6

Cvelist
added 2026/02/06 6:17 a.m., 27 views

CVE-2026-0521 Reflected Cross-Site Scripting in PDF Export Error Message

A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL that, if visited by a victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through...

CVSS 7.1, EPSS 0.0003
Exploits: 1, References: 2

OSV
added 2026/01/22 5:15 p.m., 3 views

CVE-2023-7335

EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 8

Cvelist
added 2026/01/22 4:55 p.m., 16 views

CVE-2023-7335 EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics

EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...

CVSS 8.7, EPSS 0.00187
Exploits: 0, References: 8

ATTACKERKB
added 2026/01/22 4:55 p.m., 3 views

CVE-2023-7335

EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...

CVSS 8.7, AI score 5.6, EPSS 0.00187
Exploits: 0, References: 7

CVE
added 2026/01/18 10:45 p.m., 11 views

CVE-2026-23626

Kimai (time-tracking app) before v2.46.0 is vulnerable to an authenticated SSTI via the export template sandbox. The export policy uses DefaultPolicy, which imposes no restrictions on Twig tags, methods, or properties, allowing an attacker with export permissions to deploy a malicious Twig templa...

CVSS 6.8, AI score 6.4, EPSS 0.00074
Exploits: 1, References: 4, Affected Software: 1

Github Security Blog
added 2026/01/13 9:31 p.m., 7 views

Quill is vulnerable to XSS via HTML export feature

A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...

CVSS 6.1, AI score 6.2, EPSS 0.00068
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2026/01/05 8:2 p.m., 3 views

GHSA-824X-88XG-CWRV Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

Summary: Authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. Details: The Backup addon does not validate the EXPDIR POST parameter against the UI-generated allowlist of permitted directories. An...

CVSS 8.3, AI score 6.8, EPSS 0.0003
Exploits: 3, References: 4

Cvelist
added 2025/11/21 7:31 a.m., 4 views

CVE-2025-12894 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.17 - Unauthenticated Information Exposure

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated...

CVSS 5.3, EPSS 0.00068
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-19055

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.00305
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-25149

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00316
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2008-2223

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.00319
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-20709

Malware in sbrugna...

CVSS 8.8, AI score 8.7, EPSS 0.068
Exploits: 5, References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-17861

Malware in sbrugna...

CVSS 7.8, AI score 7.6, EPSS 0.00156
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-10559

Malware in sbrugna...

CVSS 7.8, AI score 7.6, EPSS 0.01048
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-43336

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.00296
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-6282

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00297
Exploits: 0, References: 3